<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>Release 4.7: Tcl API</title>
    <link rel="stylesheet" href="gettingStarted.css" type="text/css" />
    <meta name="generator" content="DocBook XSL Stylesheets V1.73.2" />
    <link rel="start" href="index.html" title="Berkeley DB Programmer's Reference Guide" />
    <link rel="up" href="upgrade_4_7_toc.html" title="Chapter 44. Upgrading Berkeley DB 4.6 applications to Berkeley DB 4.7" />
    <link rel="prev" href="upgrade_4_7_repapi.html" title="Release 4.7: Replication API" />
    <link rel="next" href="upgrade_4_7_interdir.html" title="Release 4.7: DB_ENV-&gt;set_intermediate_dir" />
  </head>
  <body>
    <div class="navheader">
      <table width="100%" summary="Navigation header">
        <tr>
          <th colspan="3" align="center">Release 4.7: Tcl API</th>
        </tr>
        <tr>
          <td width="20%" align="left"><a accesskey="p" href="upgrade_4_7_repapi.html">Prev</a> </td>
          <th width="60%" align="center">Chapter 44. Upgrading Berkeley DB 4.6 applications to Berkeley DB 4.7</th>
          <td width="20%" align="right"> <a accesskey="n" href="upgrade_4_7_interdir.html">Next</a></td>
        </tr>
      </table>
      <hr />
    </div>
    <div class="sect1" lang="en" xml:lang="en">
      <div class="titlepage">
        <div>
          <div>
            <h2 class="title" style="clear: both"><a id="upgrade_4_7_tcl"></a>Release 4.7: Tcl API</h2>
          </div>
        </div>
      </div>
      <p>The Berkeley DB Tcl API does not attempt to avoid evaluating input as Tcl
commands. For this reason, it may be dangerous to pass unreviewed user
input through the Berkeley DB Tcl API, as the input may subsequently be
evaluated as a Tcl command.  To minimize the effectiveness of a Tcl
injection attack, the Berkeley DB Tcl API in the 4.7 release routinely resets
the process's effective user and group IDs to the real user and group IDs.</p>
    </div>
  </body>
</html>
